diff --git a/api/v1/gateway/index.js b/api/v1/gateway/index.js
index 8cb17d6..625a2a1 100644
--- a/api/v1/gateway/index.js
+++ b/api/v1/gateway/index.js
@@ -39,6 +39,7 @@ GatewayServer.prototype.eventSetup = function() {
 const token = socket.handshake.query.token;
 if (!token) return this.authDisconnect(socket, callback);
+ if (!(typeof token === 'string')) return this.authDisconnect(socket, callback);
 jwt.verify(token, secret.jwtPrivateKey, {}, async (err, data) => {
 if (err) return this.authDisconnect(socket, callback);
@@ -81,13 +82,13 @@ GatewayServer.prototype.eventSetup = function() {
 socket.isConnected = true;
 socket.on('message', ({ category, content }) => {
- if (!category || !content || !socket.joinedCategories || !socket.isConnected || !socket.user) return;
+ if (!category || !content || !socket.joinedCategories || !socket.isConnected || !socket.user || !(typeof content === 'string') || !(typeof category._id === 'string')) return;
 content = content.trim();
 if (!content || content === '' || content === ' ' || content.length >= 2000) return;
 // TODO: When/if category permissions are added, check if the user has permissions for that category
 const categoryTitle = socket.joinedCategories[category._id];
- if (!categoryTitle) return;
+ if (!categoryTitle || !(typeof categoryTitle === 'string')) return;
 const messageObject = {
 author: {
@@ -108,7 +109,7 @@ GatewayServer.prototype.eventSetup = function() {
 socket.on('subscribe', async (categories) => {
 if ( !socket.isConnected || !socket.user || !categories || !Array.isArray(categories) || categories === []) return;
 for (const v of categories) {
- if (!v) continue;
+ if (!v && !(typeof v === 'string')) continue;
 // TODO: When/if category permissions are added, check if the user has permissions for that category
 const category = await Category.findById(v);
 if (category && category.title && category._id) {
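Review bot: In the first hunk (`@@ -39,6 +39,7 @@`), the `jwt.verify` call that follows the new guard still passes `{}` as its options, so the accepted signature algorithms are left to the library's defaults. If `jwt` is the jsonwebtoken package, an explicit allow-list such as `{ algorithms: ['HS256'] }` (using whichever algorithm the tokens are actually issued with) would pin that. The two guards can also be folded into one direct test, `if (typeof token !== 'string' || !token) return this.authDisconnect(socket, callback);`, which reads more plainly than `!(typeof token === 'string')`. The body of `eventSetup` starts and ends outside this hunk.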
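Review bot: In the second hunk (`@@ -81,13 +82,13 @@`), `socket.joinedCategories[category._id]` is still a keyed lookup with a client-supplied string, and the new `typeof categoryTitle === 'string'` test screens out inherited members only by their type. If `joinedCategories` is a plain object (its creation is not visible here), an own-property check states the intent directly, `if (!Object.hasOwn(socket.joinedCategories, category._id)) return;`, or the map could be created with `Object.create(null)`. The first guard now mixes connection state and payload validation on one long line; splitting it into two `if` statements with a short comment on each would make the validation easier to audit. The handler continues past the end of the hunk.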
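Review bot: The new guard in the third hunk (`@@ -108,7 +109,7 @@`) uses `&&` where `||` is needed: `if (!v && !(typeof v === 'string')) continue;` skips only values that are both falsy and non-string. A truthy object or array therefore still reaches `Category.findById(v)`, and an empty string, which the old `if (!v)` skipped, now reaches it too. `if (typeof v !== 'string' || !v) continue;` gives the check the commit appears to intend. In the context line above, `categories === []` compares against a fresh array and is always false; `categories.length === 0` is presumably what was meant, and a cap on the array length would bound the one-query-per-element loop. The loop body continues outside the hunk.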